I have an existing WordPress site. The plan is to rebuild the site using the CakePHP framework. Due to time restrictions, I want to replace individual sections of the WordPress site one at a time. This will mean that both apps will be running side by side for a certain period of time. I need to control access to the CakePHP app using the authorization provided by WordPress. I'm not sure of the best way to go about doing this. I've seen similar questions asked a lot, but I have not yet found a clear solution.
I'm thinking about two approaches:
<strong>Plan A:</strong>
<ul>
<li>Configure Cake to look for WordPress's authorization cookies.</li>
<li>Configure Cake to look at WordPress's database.</li>
<li>Borrow some of WordPress's authorization logic to teach Cake's Auth component how to authenticate WP users.</li>
</ul>
<strong>Plan B:</strong>
<ul>
<li>Set up an authorization API on my WordPress site.</li>
<li>Set up a separate auth component in Cake.</li>
<li>Ping the WP endpoint when a user hits a protected page in the Cake app and then manually log in the user. (This would create a second set of auth cookies.)</li>
</ul>
Do either of these sound like the right approach? Is there a better way to do this?
Helpful references: <a href="http://bakery.cakephp.org/articles/...bend-cakephp-s-session-handling-to-your-needs" rel="nofollow noreferrer">Article about Cake session handling</a>, <a href="http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html" rel="nofollow noreferrer">Cake Auth component documentation</a>, <a href="http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html" rel="nofollow noreferrer">Cake Auth tutorial</a>, <a href="http://smallbusiness.chron.com/wordpress-authentication-work-59664.html" rel="nofollow noreferrer">brief overview of WP authorization</a>, <a href="http://codeseekah.com/2012/04/09/why-wordpress-authentication-unique-keys-and-salts-are-important/" rel="nofollow noreferrer">a more in-depth look at WordPress authorization</a>
<strong>UPDATE</strong>
We've started working on this, and it seems like it will work, but there is a very tricky aspect involving password hashing that warrants <a href="https://stackoverflow.com/questions/15774265/password-hashing-for-sso-between-wordpress-and-cakephp">its own question</a>. If you're following this thread, you may want to have a look.
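One way the cookie check in Plan A could look from the Cake side, as an added example that is not part of the original question and is not WordPress or CakePHP code. It assumes the `username|expiration|token|hmac` cookie layout and HMAC construction of WordPress 4.0 and later (older releases differ), so compare it with `wp_validate_auth_cookie()` in the installed version; the function names, the lookup callback and all sample values are hypothetical.

```php
<?php
// Added example (not WordPress or CakePHP code). Requires PHP 5.6+ for hash_equals().
// Assumed cookie layout: username|expiration|token|hmac (WordPress 4.0 and later).

// Two-step HMAC that the check recomputes; also used below to build a sample cookie.
function wpCookieHmac($username, $userPass, $expiration, $token, $salt)
{
    $passFrag = substr($userPass, 8, 4);   // four characters of the stored password hash
    $key = hash_hmac('md5', "$username|$passFrag|$expiration|$token", $salt);
    return hash_hmac('sha256', "$username|$expiration|$token", $key);
}

/**
 * @param string   $cookie value of the wordpress_logged_in_<hash> cookie
 * @param callable $lookup hypothetical: returns wp_users.user_pass for a login, or null
 * @param string   $salt   LOGGED_IN_KEY . LOGGED_IN_SALT from wp-config.php
 * @return string|false    username when the cookie verifies, false otherwise
 */
function verifyWpLoggedInCookie($cookie, $lookup, $salt, $now = null)
{
    $now = ($now === null) ? time() : $now;
    $parts = explode('|', $cookie);
    if (count($parts) !== 4) {
        return false;                       // malformed, or a pre-4.0 layout
    }
    list($username, $expiration, $token, $hmac) = $parts;
    if (!ctype_digit($expiration) || (int) $expiration < $now) {
        return false;                       // expired or non-numeric expiry
    }
    $userPass = call_user_func($lookup, $username);
    if ($userPass === null) {
        return false;                       // no such WordPress user
    }
    $expected = wpCookieHmac($username, $userPass, $expiration, $token, $salt);
    return hash_equals($expected, $hmac) ? $username : false;  // constant-time compare
}

// Constructed sample data: none of these values come from a real site.
$salt   = 'constructed-logged-in-key' . 'constructed-logged-in-salt';
$users  = array('alice' => '$P$BconstructedHashValue0000000000');
$lookup = function ($login) use ($users) {
    return isset($users[$login]) ? $users[$login] : null;
};
$exp      = time() + 3600;
$good     = "alice|$exp|sampletoken|" . wpCookieHmac('alice', $users['alice'], $exp, 'sampletoken', $salt);
$tampered = 'alice|' . ($exp + 86400) . '|sampletoken|' . substr($good, strrpos($good, '|') + 1);

var_dump(verifyWpLoggedInCookie($good, $lookup, $salt));      // cookie as issued
var_dump(verifyWpLoggedInCookie($tampered, $lookup, $salt));  // expiry altered after signing
```

WordPress additionally checks the token against the sessions it has stored for the user, which this example omits, so a logout on the WordPress side is not seen by the Cake app unless it performs that lookup too.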